Office of Inspector General

FY 2013 Financial Statement
Management Letter

A14-01A

January 2014

FEDERAL MARITIME COMMISSION

Lastly, the recommendation for comment # 4 relates to the lack of a contingency
plan to ensure continuity of operations in cases of emergency. Management agrees this is
an issue and has plans to address the deficiency. The status of this issue will be reviewed
during the OIG’s FY 2014 Federal Information Security Management Act evaluation.

The OIG appreciates the attention and cooperation by FMC management and staff.
I am happy to meet with you to discuss these issues, and I can be reached at (202) 523-5258.

Attachment

CC: Office of the Managing Director
    Office of Budget and Finance
    Office of Information Technology

MANAGEMENT LETTER
ON THE FY 2013 FINANCIAL STATEMENT AUDIT
OF FEDERAL MARITIME COMMISSION

MANAGEMENT CONSULTANTS &
CERTIFIED PUBLIC ACCOUNTANTS

December 30, 2013

Federal Maritime Commission
Washington, D.C.

We have audited the financial statements of the Federal Maritime Commission (the
Commission), as
of and for the years ended September 30, 2013 and 2012, and have issued our report thereon dated
December 2, 2013. In planning and performing our audit of the financial statements of the
Commission, we considered internal control over financial reporting in order to determine our
auditing procedures for the purpose of expressing an opinion on the financial statements.

During the course of our audit, we had the opportunity to observe various accounting and operating
matters, as they relate to the Commission. Based on our audit, we have additional observations and
recommendations. Even though the matters described in this management letter are not considered
significant deficiencies, as defined by the American Institute of Certified Public Accountants, these
matters are still important in the overall internal control structure of the Commission and require
management’s attention.

Prior Year Findings - Updated

There were no findings and recommendations in the prior year.

Current Year Comments

# 1: The Commission’s Office of Budget and Finance does not have access to the Internet
Payment Platform (IPP) in order to monitor invoice and payment approval activities of the
Contracting Officer’s Representatives and Bureau of the Public Debt’s Administrative
Resource Center.

The Bureau of the Public Debt’s (BPD) Administrative Resource Center (ARC) uses the U.S.
Treasury Financial Management Service's IPP, an electronic invoice processing solution
(mandated for all Treasury Bureaus by the Department of Treasury), to process invoices and
make payments on behalf of the Commission. IPP is a web-based electronic invoicing and
payment information system that is hosted by the Federal Reserve Bank of Boston. Purchase
Orders are interfaced from the Oracle system, maintained by ARC, to IPP.
Invoices are
submitted in IPP by either the vendor or ARC personnel, and are routed to the Commission’s
delegated Contracting Officer’s Representatives (CORs) for approval. Upon approval, the
invoice is scheduled for payment. Payment is then made by ARC when due.

The Commission’s Chairman has delegated administrative funds control to the Director, Office
of Budget and Finance (OBF), through Commission Order 77, Administrative Control of Funds.
The Director is therefore responsible for approving, certifying, or otherwise authorizing those
actions dealing with the use of funds made available to the Commission.

1400 Eye Street, NW, Suite 425, Washington, DC 20005 Tel 202-296-7101 Fax 202-296-7284

During our fieldwork, we noted that invoices submitted in IPP, by either the vendor or ARC
personnel, were routed to the CORs for approval; and were subsequently scheduled for
payment, and then paid without being reviewed by the OBF. We noted that OBF has
established limits for purchase orders in the Oracle system, and has adequate controls in place
to ensure that those limits are not exceeded. However, the lack of review by OBF, of invoices
approved for payment by the CORs on a routine basis, puts the Commission at risk of making
payments that should not have been authorized.
The IPP, as presently set up, without access by
OBF, does not allow for adequate monitoring of the payment approval activities of the CORs
prior to payments being made.

Recommendation: We recommend that the Director of OBF establish a procedure to routinely
monitor the payment approval activities of the CORs, prior to payments being made by the
Commission.

# 2: Penalties and Fines levied by the Commission were recorded as Accounts Receivable,
rather than Custodial Activity.

Accounts receivable are legally enforceable claims for payment to an entity by its customers or
clients for goods supplied and/or services rendered in execution of the customers’ or clients’
orders. Penalties and fines, on the other hand, are financial impositions by a government agency
as restitution for wrongdoing. The wrongdoing is typically defined by a codification of
legislation, regulations, or decrees.

Although the Commission collects remittances for user fees and penalties, the Commission is not
authorized to offset any of its budget authority by utilizing these funds. The collections are
deposited directly into the Treasury General Fund, and captured in the Statement of Custodial
Activity. As such, the Commission is considered an administrative agency, collecting funds for
another government entity or the General Fund of the United States. As a collecting entity, the
Commission is required to measure and report cash collections and refunds. These collections are
required to be reported as custodial activity on the “Statement of Custodial Activity.” The type of
cash collected is for fines, penalties, and administrative fees. A small portion is for interest on
the past due fines.
Another part of the custodial activity is the application fees for licenses issued
to qualified Ocean Transportation Intermediaries (OTI’s) in the U.S., Commission reviews,
petitions, status changes, and special permission fees.

During our fieldwork, we noted that the Commission recorded penalties, fines, and forfeitures as
receivables on its books of accounts, rather than custodial activity. The matter was brought to
the attention of the Commission’s Office of Budget and Finance (OBF), and Bureau of the
Public Debt’s Administrative Resource Center (ARC), and was promptly rectified. We
commend the management of OBF, and ARC, for taking immediate action to properly
reclassify the penalties, fines, and forfeitures.

Recommendation: We are not making any recommendation, due to the actions already taken by
OBF and ARC. We, therefore, consider this comment closed.

# 3: Comprehensive contract database is not maintained to facilitate tracking of open
contracts/obligations for timely contract/obligation closeout.

Commission Order 112, Procurement, establishes standards and procedures for the
procurement of materials, equipment, and services for the Commission; and serves as internal
agency guidance for all applicable Commission acquisitions, in accordance with the Federal
Acquisition Regulation (FAR), and as set forth in Titles 41 and 48 of the Code of Federal
Regulations. These standards and procedures are promulgated to ensure that materials,
equipment, and services are obtained efficiently, economically, and in compliance with the
provisions of the FAR, and all applicable Federal laws.

Commission Order 112 also charges the Director, Office of Management Services (OMS), as the
principal Contracting Officer for the Commission, with the overall responsibility for managing
the Commission’s procurement program.
Explicit in this responsibility is compliance with FAR.
FAR, Subchapter A - General, Part 4, Administrative Matters, Subpart 4.6 - Contract Reporting,
requires the head of a contracting activity to develop a monitoring process to ensure timely and
accurate reporting of contractual actions to the Federal Procurement Data System (FPDS).
Implicit in this requirement is the need for a comprehensive database to track contracts in open,
completed, or closeout status. The database will also facilitate efficient use of the Commission’s
resources; since obligated funds remaining on contracts in completed or closeout status can be
easily identified, de-obligated, and re-programmed, as may be considered necessary.

During our fieldwork, we noted that OMS did not maintain a database at a level necessary to
fully support the requirements of FAR, as discussed in the preceding paragraph. Although
OMS currently tracks open contracts and obligations, manually; the manual process does not
allow for timely identification of contracts that meet the criteria for funds de-obligation or
closeout.

Recommendation: We recommend that the Director of OMS develop a comprehensive contract
database to facilitate tracking of open contracts/obligations, for timely funds de-obligation or
closeout.

# 4: The Commission has not developed a contingency plan to ensure continuity of operations
in cases of emergency.

In planning and performing our audit of the financial statements of the Commission, we
obtained and reviewed reports issued by other agencies to enable us to adequately assess risks
related to the audit. During this process, we reviewed an FMC Office of Inspector General
report titled “Evaluation of the FMC’s Compliance with the Federal Information Security
Management Act FY 2012,” report number A13-03, December 2012.
Comments therein from
the Commission’s Office of Inspector General indicated that a disaster recovery plan has not
been developed and put into operation by the Commission. Inquiry of management during our
audit confirmed that the condition, as noted in the report, still exists and is unresolved.

Information technology (IT) and automated information systems are vital elements in most
business processes. Because these IT resources are so essential to an organization’s success, it is
critical that the services provided by these systems are able to operate effectively, without
excessive interruption. Contingency planning supports this requirement, by establishing thorough
plans and procedures, and technical measures that can enable a system to be recovered quickly
and effectively following a service disruption or disaster. Contingency planning refers to interim
measures to recover IT services following an emergency or system disruption. Interim measures
may include the relocation of IT systems and operations to an alternate site; the recovery of IT
functions, using alternate equipment; or the performance of IT functions, using manual methods.

National Institute of Standards and Technology (NIST) Special Publication 800-34, Rev.
1,
Contingency Planning Guide for Federal Information Systems, provides instructions,
recommendations, and considerations for government IT contingency planning, as noted in the
report.

Recommendation: We recommend that the Director, Office of Information Technology, follow
the recommendation of the Office of Inspector General and develop and put into operation, a
contingency plan that is consistent with the requirements of NIST 800-34.

While this report is intended solely for the information and use of the management of the
Federal Maritime Commission, it is also a matter of public record; and its distribution is,
therefore, not restricted.

Regis & Associates, PC
Washington, DC

UNITED STATES GOVERNMENT
FEDERAL MARITIME COMMISSION

Memorandum

TO: Inspector General
DATE: January 29, 2014
FROM: Managing Director
SUBJECT: Management Letter on the FY 2013 Financial Statement Audit

This is offered in response to the Management Letter on the FY 2013 Financial
Statement Audit of the Federal Maritime Commission prepared by Regis & Associates,
PC, dated December 30, 2013. Regis & Associates states that “the matters described in
this management letter are not considered significant deficiencies,” yet “these matters are
still important in the overall internal control structures of the Commission and require
management’s attention.”

FMC management has reviewed and considered each of the four comments
offered. Comment number 2 did not include a recommendation and is not responded to
herein.
Comments 1, 3, and 4, and their recommendations, are responded to below.

Comment #1: The auditor commented that the Commission’s Office of Budget and
Finance (OBF) does not have access to the Internet Payment Platform (IPP) in order to
monitor invoice and payment approval activities of the Contracting Officer’s
Representatives (CORs) and the Bureau of the Public Debt’s Administrative Resource
Center. It was recommended that the Director, OBF, establish a procedure to routinely
monitor the payment approval activities of the CORs, prior to payments being made by
the Commission.

Response: FMC management is of the opinion that monitoring of payment approval
activities by the OBF prior to payments being made is unnecessary. IPP system and
process controls are in place to prevent payments from exceeding the amount of funds
obligated for specific purchase orders. Agency CORs receive training and certification in
such areas as invoice review and approval prior to receiving their COR delegation letter
from the agency Contracting Officer. Further, payments for commercial vendors only are
processed through the IPP. At the FMC, less than 5% of our annual appropriation is
typically spent on commercial procurements. Additionally, FMS (formerly BPD) will
soon begin a post payment audit process where they will be auditing a sample of FMC
invoices each month and issuing result findings. This will provide useful information on
the performance of the FMC’s CORs.

Comment #3: The auditor commented that a comprehensive contract database was not
maintained to facilitate tracking of open contracts / obligations for timely contract /
obligation closeout.
It was recommended that the Director, OMS, develop a
comprehensive contract database to facilitate the tracking of open contracts and/or
obligations for timely funds deobligation or closeout.

Response: Currently, the agency Contract Specialist maintains a status report in the form
of an Excel spreadsheet of all contract actions, including purchase orders, contracts and
interagency agreements, which includes close-out dates and notes on OMS/Procurement
contact with CORs and program offices. It is understood by OMS that a comprehensive
database could facilitate obligation closeouts and enhance the ability to prepare for
upcoming obligation requirements, such as the exercising of contract options and
obligation of additional funds after a period of temporary funding, such as the Continuing
Resolution. However, until such a database is created, OMS will continue to provide
status of all contract actions via the spreadsheet. As the agency develops and implements
its Enterprise Content Management system (ECM), an appropriate application will be
prepared to electronically facilitate and monitor the contracting requirements of the
agency. No immediate modification to the current system is projected.

Comment #4: The auditor commented that the Commission has not developed a
contingency plan to ensure continuity of operations in cases of emergency. It was
recommended that the Director, OIT, follow the Office of Inspector General’s
recommendation to develop and put into operation a contingency plan consistent with the
requirements of NIST 800-34.

Response: Management is aware of this requirement and, as indicated in the agency’s
response to the FY 2013 FISMA audit, necessary documentation will be completed
during FY 2014 to acknowledge and accept this risk. Management is aware of the need
for a finalized contingency plan (COOP) and will make efforts to effectuate such a plan
as resources are made available.
This matter will be addressed in the future with the
development and implementation of the agency’s Disaster Recovery Plan.

Vern W. Hill

cc: Office of Budget and Finance
    Office of Management Services
    Office of Information Technology
    Office of the Chairman